More than a billion Android devices are easy to hack

A large percentage of Android devices are affected by security vulnerabilities that attackers could exploit to easily gain root access.

According to experts at TrendMicro, a large percentage of Android devices in use today are affected by security vulnerabilities that could be exploited by attackers to easily gain root access.

The attack allows an attacker to escalate the privileges of any code executed on a target device; however, this scenario requires that the attacker has already installed malicious code on the device. Android users need to be very careful about installing mobile apps from untrusted sources.

Below is the description provided by TrendMicro for the CVE-2016-0819 and CVE-2016-0805 flaws discovered by its experts:

CVE-2016-0819

We discovered this particular vulnerability, which is described as a logic bug when an object within the kernel is freed. A node is deleted twice before it is freed. This causes an information leakage and a Use After Free issue in Android. (UAF issues are well-known for being at the heart of exploits, particularly in Internet Explorer.)

CVE-2016-0805

This particular vulnerability lies in the function get_krait_evtinfo. (Krait refers to the processor core used by several Snapdragon processors.) The function returns an index for an array; however, the validation of the inputs of this function is not sufficient. As a result, when the array krait_functions is accessed by the functions krait_clearpmu and krait_evt_setup, an out-of-bounds access results. This can be useful as part of a multiple exploit attack.
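A simplified model of the bug class described for CVE-2016-0805, added here as an illustration; it is not the Qualcomm kernel code or TrendMicro's. The bit layout of the event code, the table size and all function names are assumptions chosen to show an index decoder with insufficient validation beside a hardened one and a caller that re-checks the index.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not the Qualcomm source: an event code carries a
 * register number in bits 12-15 and a group in bits 0-3 (assumed layout). */
#define N_REGS    3          /* constructed table size */
#define ERR_INVAL (-22)      /* same value as the kernel's -EINVAL */

typedef uint32_t (*reg_fn)(uint32_t val);
static uint32_t clear_reg0(uint32_t v) { return v & ~0x000000ffu; }
static uint32_t clear_reg1(uint32_t v) { return v & ~0x0000ff00u; }
static uint32_t clear_reg2(uint32_t v) { return v & ~0x00ff0000u; }
static const reg_fn reg_table[N_REGS] = { clear_reg0, clear_reg1, clear_reg2 };

/* Insufficient validation: only the group is checked, so the returned
 * index can be anything from 0 to 15 while the table has N_REGS entries. */
static int decode_weak(uint32_t evt)
{
    uint32_t reg = (evt >> 12) & 0xf, group = evt & 0xf;
    if (group > 3)
        return ERR_INVAL;
    return (int)reg;
}

/* Hardened: every field that feeds the index is range-checked. */
static int decode_checked(uint32_t evt)
{
    uint32_t reg = (evt >> 12) & 0xf, group = evt & 0xf;
    if (group > 3 || reg >= N_REGS)
        return ERR_INVAL;
    return (int)reg;
}

/* Callers re-check at the point of use, so a weak decoder upstream
 * cannot turn into an out-of-bounds function-pointer read. */
static int dispatch(int idx, uint32_t val, uint32_t *out)
{
    if (idx < 0 || idx >= N_REGS)
        return ERR_INVAL;
    *out = reg_table[idx](val);
    return 0;
}

int main(void)
{
    uint32_t evt = 0x5001, out = 0;   /* constructed input: reg=5, group=1 */
    printf("weak=%d checked=%d dispatch=%d\n", decode_weak(evt),
           decode_checked(evt), dispatch(decode_weak(evt), 0xffffffffu, &out));
    return 0;
}
```

The weak decoder accepts the constructed event and hands back index 5 for a three-entry table; the checked decoder and the guarded caller both reject it.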

The problem affects Qualcomm Snapdragon systems on a chip; more than a billion devices are at risk. Root access to a mobile device allows an attacker to conduct a number of malicious activities, from surveillance to financial fraud.

The vulnerability could be exploited by simply running a malicious app on Snapdragon-powered Android devices. Experts at TrendMicro privately reported the security holes to Google, which fixed them.

As usually happens in these cases, the high fragmentation of the Android market complicates the patch management process. Many users are still vulnerable to the attack while waiting for a security patch.

“As the number of embedded SoCs in devices explodes with the IoT growth, we anticipate that these kinds of vulnerabilities will become a bigger problem that will challenge the overall security posture of Internet of Things,” continues the post published by TrendMicro.

Going into technical details, the flaws could be exploited on any mobile or IoT device that allows the invocation of the system call perf_event_open. Fortunately, many vendors may have customized the kernel and SELinux policies in order to prevent the call.

According to the Nexus Security Bulletin – February 2016, the CVE-2016-0805 vulnerability affects versions earlier than 4.4.4 to 6.0.1; this means that Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge are vulnerable to the attack.

“We believe that any Snapdragon-powered Android device with a 3.10-version kernel is potentially at risk of this attack. As mentioned earlier, given that many of these devices are either no longer being patched or never received any patches in the first place, they would essentially be left in an insecure state without any patch forthcoming,” concludes TrendMicro.


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
